ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/net/openconnect/files/openconnect.sh b/external/subpack/net/openconnect/files/openconnect.sh
new file mode 100755
index 0000000..37f1945
--- /dev/null
+++ b/external/subpack/net/openconnect/files/openconnect.sh
@@ -0,0 +1,153 @@
+#!/bin/sh
+. /lib/functions.sh
+. ../netifd-proto.sh
+init_proto "$@"
+
+append_args() {
+ while [ $# -gt 0 ]; do
+ append cmdline "'${1//\'/\'\\\'\'}'"
+ shift
+ done
+}
+
+proto_openconnect_init_config() {
+ proto_config_add_string "server"
+ proto_config_add_int "port"
+ proto_config_add_int "mtu"
+ proto_config_add_int "juniper"
+ proto_config_add_string "vpn_protocol"
+ proto_config_add_boolean "no_dtls"
+ proto_config_add_string "interface"
+ proto_config_add_string "username"
+ proto_config_add_string "serverhash"
+ proto_config_add_string "authgroup"
+ proto_config_add_string "usergroup"
+ proto_config_add_string "password"
+ proto_config_add_string "password2"
+ proto_config_add_string "token_mode"
+ proto_config_add_string "token_secret"
+ proto_config_add_string "token_script"
+ proto_config_add_string "os"
+ proto_config_add_string "csd_wrapper"
+ proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'
+ no_device=1
+ available=1
+}
+
+proto_openconnect_add_form_entry() {
+ [ -n "$1" ] && append_args --form-entry "$1"
+}
+
+proto_openconnect_setup() {
+ local config="$1"
+
+ json_get_vars \
+ authgroup \
+ csd_wrapper \
+ form_entry \
+ interface \
+ juniper \
+ vpn_protocol \
+ mtu \
+ no_dtls \
+ os \
+ password \
+ password2 \
+ port \
+ server \
+ serverhash \
+ token_mode \
+ token_script \
+ token_secret \
+ usergroup \
+ username \
+
+ grep -q tun /proc/modules || insmod tun
+ ifname="vpn-$config"
+
+ logger -t openconnect "initializing..."
+
+ logger -t "openconnect" "adding host dependency for $server at $config"
+ for ip in $(resolveip -t 10 "$server"); do
+ logger -t "openconnect" "adding host dependency for $ip at $config"
+ proto_add_host_dependency "$config" "$ip" "$interface"
+ done
+
+ [ -n "$port" ] && port=":$port"
+
+ append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script
+ [ "$no_dtls" = 1 ] && append_args --no-dtls
+ [ -n "$mtu" ] && append_args --mtu "$mtu"
+
+ # migrate to standard config files
+ [ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
+ [ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
+ [ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"
+
+ [ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem"
+ [ -f /etc/openconnect/user-key-vpn-$config.pem ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem"
+ [ -f /etc/openconnect/ca-vpn-$config.pem ] && {
+ append_args --cafile "/etc/openconnect/ca-vpn-$config.pem"
+ append_args --no-system-trust
+ }
+
+ if [ "${juniper:-0}" -gt 0 ]; then
+ append_args --juniper
+ fi
+
+ [ -n "$vpn_protocol" ] && {
+ append_args --protocol "$vpn_protocol"
+ }
+
+ [ -n "$serverhash" ] && {
+ append_args "--servercert=$serverhash"
+ append_args --no-system-trust
+ }
+ [ -n "$authgroup" ] && append_args --authgroup "$authgroup"
+ [ -n "$usergroup" ] && append_args --usergroup "$usergroup"
+ [ -n "$username" ] && append_args -u "$username"
+ [ -n "$password" ] || [ "$token_mode" = "script" ] && {
+ umask 077
+ mkdir -p /var/etc
+ pwfile="/var/etc/openconnect-$config.passwd"
+ [ -n "$password" ] && {
+ echo "$password" > "$pwfile"
+ [ -n "$password2" ] && echo "$password2" >> "$pwfile"
+ }
+ [ "$token_mode" = "script" ] && {
+ $token_script >> "$pwfile" 2> /dev/null || {
+ logger -t openconenct "Cannot get password from script '$token_script'"
+ proto_setup_failed "$config"
+ }
+ }
+ append_args --passwd-on-stdin
+ }
+
+ [ -n "$token_mode" -a "$token_mode" != "script" ] && append_args "--token-mode=$token_mode"
+ [ -n "$token_secret" ] && append_args "--token-secret=$token_secret"
+ [ -n "$os" ] && append_args "--os=$os"
+ [ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper"
+
+ json_for_each_item proto_openconnect_add_form_entry form_entry
+
+ proto_export INTERFACE="$config"
+ logger -t openconnect "executing 'openconnect $cmdline'"
+
+ if [ -f "$pwfile" ]; then
+ eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline"
+ else
+ eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline"
+ fi
+}
+
+proto_openconnect_teardown() {
+ local config="$1"
+
+ pwfile="/var/etc/openconnect-$config.passwd"
+
+ rm -f $pwfile
+ logger -t openconnect "bringing down openconnect"
+ proto_kill_command "$config" 2
+}
+
+add_protocol openconnect
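Review bot: The `logger -t openconnect "executing 'openconnect $cmdline'"` line near the end of proto_openconnect_setup writes the full argument string to syslog, and by then `cmdline` contains `--token-secret=$token_secret`, so the OTP seed lands in the system log and on openconnect's argv, even though the password is kept in a file created under `umask 077`. Log without the arguments, e.g. `logger -t openconnect "starting openconnect for $config"`, and consider writing the secret to a file created under the same umask and passing it with openconnect's `--token-secret=@FILENAME` form so it stays off the process list. Separately, the token-script failure branch calls `proto_setup_failed "$config"` without a following `return 1`, so setup falls through, still appends `--passwd-on-stdin`, and launches openconnect with an incomplete password file. The logger tag in that branch is misspelled `openconenct`, which hides the failure from anyone filtering syslog on `openconnect`.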